From: Christian Niessner Date: Thu, 7 Mar 2013 18:37:58 +0000 (+0100) Subject: Fix corner case in NTLM authentication (trac #172) X-Git-Tag: v2.4_alpha1~602 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f8ac53b98ed2513f1d80363b6fd2351f1b4ae511;p=thirdparty%2Fopenvpn.git Fix corner case in NTLM authentication (trac #172) The problem is located in the file proxy.c within "establish_http_proxy_passthru": To keep buffers small long base64-encoded NTLM-Strings are truncated. But the truncating is done on a wrong place: base 64 strings can be cut every 4 chars. the buffer is 128 bytes - including the terminating \0, so the usable data is only 127 bytes. And decoding a 127 char base64 string fails... this is why the ntlm authentication fails in certain cases (long strings)... Acked-by: Joerg Willmann URL: https://community.openvpn.net/openvpn/ticket/172 Signed-off-by: Gert Doering --- diff --git a/src/openvpn/proxy.c b/src/openvpn/proxy.c index 363d8a735..95d71531b 100644 --- a/src/openvpn/proxy.c +++ b/src/openvpn/proxy.c @@ -499,7 +499,7 @@ establish_http_proxy_passthru (struct http_proxy_info *p, { struct gc_arena gc = gc_new (); char buf[512]; - char buf2[128]; + char buf2[129]; char get[80]; int status; int nparms; @@ -622,7 +622,7 @@ establish_http_proxy_passthru (struct http_proxy_info *p, openvpn_snprintf (get, sizeof get, "%%*s NTLM %%%ds", (int) sizeof (buf2) - 1); nparms = sscanf (buf, get, buf2); - buf2[127] = 0; /* we only need the beginning - ensure it's null terminated. */ + buf2[128] = 0; /* we only need the beginning - ensure it's null terminated. */ /* check for "Proxy-Authenticate: NTLM TlRM..." */ if (nparms == 1)